Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\TermService] 'Start' = '00000002'
- '<SYSTEM32>\net1.exe' user guest /active:yes
- '<SYSTEM32>\svchost.exe' -k DComLaunch
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\log[1].php
- <SYSTEM32>\dllcache\termsrvhack.dll
- <SYSTEM32>\termsrvhack.dll
- <SYSTEM32>\dllcache\termsrvhack.dll
- <SYSTEM32>\termsrvhack.dll
- '1.##4.91.43':80
- 'localhost':1037
- 1.##4.91.43/log.php